When I try to log into the snap distribution of the Bitwarden linux client, I am prompted to open Firefox in order to authenticate with Duo. When Firefox opens I receive the ugly Duo auth window and am able to trigger a FIDO2 authentication using a security key. (Everything up to here is working as expected).
When the Duo authentication completes I would expect it to open my vault, but instead a new Duo window opens on my desktop and displays the initial email prompt for login. I’ve already run “snap connect bitwarden:password-manager-service”
Has anyone else experienced this?
I’ve just upgraded to Kubuntu 24.04 and I’m still seeing this behavior
This happens to me too. Ubuntu 24.04
When Duo prompts you to auth with your yubikey, does it say that the first attempt was cancelled? I always get a notification reading “Your login request with security key was canceled.” and then I have to press the “Try Again” button to get a chance to auth.
It appears that this is not specifically related to yubikeys but rather occurs for any duo authentication
Hi there, I’m not sure how you are able to trigger fido2 authentication as it is not implemented on desktop linux (though there was an experimental PR adding it via the browser).
For duo auth, this is a known problem that was also present for SSO. This is fixed here: [PM-11341] Fix snap protocol handler by quexten · Pull Request #11932 · bitwarden/clients · GitHub and should be included in the next major release.
Is there a way to test that change? Or is there a release roadmap?
Sure! You can download the build from the change from GitHub here: [PM-11341] Fix snap protocol handler · bitwarden/clients@ea600ef · GitHub and install it with snap install --dangerous ./bitwarden_2024.11.0_amd64.snap
. The --dangerous
flag is needed because the CI builds are not signed.
Note: This is a development build and has not been through the regular QA testing for quality assurance.
The change will most likely be included in 2024.12.0.
I forgot to address your implied question: I’ve got they key set up in Duo so Bitwarden opens a FF windows for Duo to authenticate and then Duo triggers the fido2 auth workflow.
Thanks for sharing. It helps me a lot.